This is a multi-part message in MIME format.
--------------070307000107030707080400
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I've figured it out - finally -
the issue is/was that I added a virtual interface to the bridge
interface on startup. I added the "ovirtmgmt:1" interface to be able to
get to the VMs which are on a completely different network range - to
fix it, i had to remove the virtual interface (unfortunately), detached
the ovirtmgmt interface from eth0 and then re-attached and voila, all
good again ... i did a restart of the HV (node) just in case ;) ..
Alex
On 11/07/2012 09:47 AM, Itamar Heim wrote:
On 11/07/2012 01:37 AM, Alex Leonhardt wrote:
> I think this post I just found is related to my issue :
>
>
http://www.mail-archive.com/users@ovirt.org/msg03010.html
>
> at the bottom it explains how changing the "display network" can break
> spice ...
you can tell the spice client the subject of the certificate to
expect, regardless of the ip you are connecting to.
>
> i'll try the removal of the host and re-adding (hopefully my VMs are
> safe!)
>
> Alex
>
> On 11/06/2012 11:55 PM, Alex Leonhardt wrote:
>> Yep, found it - and it's related to this site / update to spice here :
>>
>>
http://spice-space.org/page/SSLConnection
>>
>> but now i get :
>>
>> $ spicec -h 192.168.1.21 -s 5901
>> Error: failed to connect w/SSL, ssl_error
>> error:00000001:lib(0):func(0):reason(1)
>> 140370158261576:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
>> version number:s3_pkt.c:338:
>> Warning: SSL Error:
>>
>> I belive that's got something to do with trying to use ssl3 (as the ca
>> cert is ssl v3) instead of ssl v2 ...
>>
>> Alex
>>
>>
>> On 11/06/2012 11:42 PM, Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "Alex Leonhardt"<alex.tuxx(a)gmail.com>
>>>> To: "Alon Levy"<alevy(a)redhat.com>
>>>> Cc:spice-devel@lists.freedesktop.org,users@ovirt.org
>>>> Sent: Wednesday, November 7, 2012 1:35:09 AM
>>>> Subject: Re: [Users] [Spice-devel] Unable to establish spice session
>>>>
>>>>
>>>> This is what i receive when trying to launch it manually :
>>>>
>>>> $ spicec -h 192.168.1.21 -p 5901 -s 5901
>>>>
>>>> Error: SSL_CTX_load_verify_locations failed
>>>> CA_file=/home/user/.spicec/spice_truststore.pem
>>>> 140141786060104:error:02001002:system library:fopen:No such file or
>>>>
directory:bss_file.c:126:fopen('/home/user/.spicec/spice_truststore.pem','r')
>>>>
>>>> 140141786060104:error:2006D080:BIO routines:BIO_new_file:no such
>>>> file:bss_file.c:129 :
>>>> 140141786060104:error:0B084002:x509 certificate
>>>> routines:X509_load_cert_crl_file:system lib:by_file.c:279:
>>>> Warning: SSL Error:
>>>>
>>>> Alex
>>>>
>>> You need --ca-file parameter.
>>> Download the certificate usinghttp://engine/ca.crt
>>>
>>> Alon
>
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
>
--------------070307000107030707080400
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font size="-1"><font face="Tahoma">I've figured
it out - finally -
<br>
<br>
the issue is/was that I added a virtual interface to the bridge
interface on startup. I added the "ovirtmgmt:1" interface to be
able to get to the VMs which are on a completely different
network range - to fix it, i had to remove the virtual interface
(unfortunately), detached the ovirtmgmt interface from eth0 and
then re-attached and voila, all good again ... i did a restart
of the HV (node) just in case ;) .. <br>
<br>
Alex<br>
<br>
</font></font><br>
On 11/07/2012 09:47 AM, Itamar Heim wrote:
<blockquote cite="mid:509A2E31.7090802@redhat.com"
type="cite">On
11/07/2012 01:37 AM, Alex Leonhardt wrote:
<br>
<blockquote type="cite">I think this post I just found is related
to my issue :
<br>
<br>
<a class="moz-txt-link-freetext"
href="http://www.mail-archive.com/users@ovirt.org/msg03010.html"...
<br>
<br>
at the bottom it explains how changing the "display network" can
break
<br>
spice ...
<br>
</blockquote>
<br>
you can tell the spice client the subject of the certificate to
expect, regardless of the ip you are connecting to.
<br>
<br>
<blockquote type="cite">
<br>
i'll try the removal of the host and re-adding (hopefully my VMs
are safe!)
<br>
<br>
Alex
<br>
<br>
On 11/06/2012 11:55 PM, Alex Leonhardt wrote:
<br>
<blockquote type="cite">Yep, found it - and it's related to
this
site / update to spice here :
<br>
<br>
<a class="moz-txt-link-freetext"
href="http://spice-space.org/page/SSLConnection">http://spic...
<br>
<br>
but now i get :
<br>
<br>
$ spicec -h 192.168.1.21 -s 5901
<br>
Error: failed to connect w/SSL, ssl_error
<br>
error:00000001:lib(0):func(0):reason(1)
<br>
140370158261576:error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong
<br>
version number:s3_pkt.c:338:
<br>
Warning: SSL Error:
<br>
<br>
I belive that's got something to do with trying to use ssl3
(as the ca
<br>
cert is ssl v3) instead of ssl v2 ...
<br>
<br>
Alex
<br>
<br>
<br>
On 11/06/2012 11:42 PM, Alon Bar-Lev wrote:
<br>
<blockquote type="cite">----- Original Message -----
<br>
<blockquote type="cite">From: "Alex
Leonhardt"<a class="moz-txt-link-rfc2396E"
href="mailto:alex.tuxx@gmail.com"><alex.tuxx@gmail.com></a>
<br>
To: "Alon Levy"<a class="moz-txt-link-rfc2396E"
href="mailto:alevy@redhat.com"><alevy@redhat.com></a>
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:Cc:spice-devel@lists.freedesktop.org,users@ovirt.org">Cc:spice-devel@lists.freedesktop.org,users@ovirt.org</a>
<br>
Sent: Wednesday, November 7, 2012 1:35:09 AM
<br>
Subject: Re: [Users] [Spice-devel] Unable to establish
spice session
<br>
<br>
<br>
This is what i receive when trying to launch it manually :
<br>
<br>
$ spicec -h 192.168.1.21 -p 5901 -s 5901
<br>
<br>
Error: SSL_CTX_load_verify_locations failed
<br>
CA_file=/home/user/.spicec/spice_truststore.pem
<br>
140141786060104:error:02001002:system library:fopen:No
such file or
<br>
directory:bss_file.c:126:fopen('/home/user/.spicec/spice_truststore.pem','r')
<br>
140141786060104:error:2006D080:BIO
routines:BIO_new_<a class="moz-txt-link-freetext"
href="file:no">file:no</a> such
<br>
<a class="moz-txt-link-freetext"
href="file:bss_file.c:129">file:bss_file.c:129</a> :
<br>
140141786060104:error:0B084002:x509 certificate
<br>
routines:X509_load_cert_crl_<a class="moz-txt-link-freetext"
href="file:system">file:system</a>
lib:by_file.c:279:
<br>
Warning: SSL Error:
<br>
<br>
Alex
<br>
<br>
</blockquote>
You need --ca-file parameter.
<br>
Download the certificate usinghttp://engine/ca.crt
<br>
<br>
Alon
<br>
</blockquote>
</blockquote>
<br>
<br>
_______________________________________________
<br>
Users mailing list
<br>
<a class="moz-txt-link-abbreviated"
href="mailto:Users@ovirt.org">Users@ovirt.org</a>
<br>
<a class="moz-txt-link-freetext"
href="http://lists.ovirt.org/mailman/listinfo/users">http://...
<br>
<br>
</blockquote>
<br>
<br>
</blockquote>
</body>
</html>
--------------070307000107030707080400--